PIE: A Platform-wide TEE

10/20/2020
by Moritz Schneider, et al.

While modern computing architectures rely on specialized hardware such as accelerators to provide performance and functionality, trusted execution environments (TEEs), one of the most promising recent developments in security, can only protect code confined to the CPU, limiting the potential and applicability of TEEs to a handful of applications. We observe that a TEE's hardware trusted computing base (TCB) is fixed at design time, forcing users to rely on (mostly untrustworthy) software to admit peripherals into the TEE. Based on this observation, we propose PIE, a secure platform design with a configurable hardware and software TCB, which allows us to support specialized hardware while ensuring the principle of least privilege. We introduce two new security properties relevant to such systems: platform-wide attestation and platform awareness. Platform-wide attestation allows a remote party to verify the platform's current state, including the state of specialized hardware devices and how they are connected to each other, whereas platform awareness defines how the enclave reacts to a change in the connected devices. Together, these make it possible to attest to the hardware configuration of a system and to check that only trusted hardware running the right version of its firmware is part of the TCB (platform-wide attestation) and stays part of the TCB for the whole execution (platform awareness). Finally, we present a prototype of PIE based on RISC-V's Keystone, showing that such systems are feasible with only around 600 lines added to the software TCB and without compromising performance.
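As an added illustration (not code from the PIE paper or its Keystone prototype), the Python below models the two properties the abstract introduces: a platform-wide attestation check that verifies a constructed device-and-topology report against a firmware policy, and the platform-awareness re-measurement an enclave could run when a device appears. The report layout, the measurement scheme and all device names and firmware values are assumptions made for this example.

```python
import hashlib
import json

# Constructed sample platform state: peripherals with a firmware measurement, plus the
# links between components. Layout and values are assumed, not PIE's real report format.
PLATFORM = {
    "devices": {"gpu0": {"firmware": "b7d1c2"}, "nic0": {"firmware": "4e5f60"}},
    "links": [["cpu0", "gpu0"], ["cpu0", "nic0"]],
}
# Verifier policy (constructed): firmware measurements accepted per device, and the
# only connections the enclave is willing to include in its TCB.
TRUSTED_FIRMWARE = {"gpu0": {"b7d1c2"}, "nic0": {"4e5f60"}}
ALLOWED_LINKS = {frozenset({"cpu0", "gpu0"}), frozenset({"cpu0", "nic0"})}


def measure_platform(platform):
    """Fold the device set, their firmware and the topology into one SHA-256 value,
    canonicalised so that ordering differences do not change the measurement."""
    canonical = {
        "devices": {d: info["firmware"] for d, info in platform["devices"].items()},
        "links": sorted(sorted(link) for link in platform["links"]),
    }
    blob = json.dumps(canonical, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def verify_platform(platform, trusted_firmware, allowed_links):
    """Platform-wide attestation check: every device must be known to the policy, run an
    accepted firmware, and be connected only as permitted. Returns (ok, problems)."""
    problems = []
    for dev, info in platform["devices"].items():
        accepted = trusted_firmware.get(dev)
        if accepted is None:
            problems.append(f"unknown device {dev}")
        elif info["firmware"] not in accepted:
            problems.append(f"{dev} runs untrusted firmware {info['firmware']}")
    for a, b in platform["links"]:
        if frozenset({a, b}) not in allowed_links:
            problems.append(f"unexpected link {a}-{b}")
    return (not problems, problems)


def platform_changed(attested_measurement, current_platform):
    """Platform awareness: on a device event the enclave re-measures the platform and
    compares with what it attested to at start; any difference means the TCB changed."""
    return measure_platform(current_platform) != attested_measurement


def with_device(platform, dev, firmware, link_to):
    """Return a new platform state with one more device attached (simulated hot-plug)."""
    devices = dict(platform["devices"], **{dev: {"firmware": firmware}})
    return {"devices": devices, "links": list(platform["links"]) + [[link_to, dev]]}
```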
